OpenBSD ftpd v2.4_BASE through 2.8 remote root exploit. Includes offsets for v2.6 through v2.8 and instructions for finding offsets of other versions. Requires a writable directory.
e60d36076da9b2566b60a358f1600945cb7392b7f05305acfc0f2dfa49415169
OpenBSD 2.7 local root exploit for /usr/bin/fstat + libutil exploit. Tested against OPenBSD 2.7 i386.
0871c02f9900cd9d31c6b18d39964674456feb034d0b15de1647853203cc0096
/usr/bin/chpass local EDITOR variable format string exploit for *BSD. Tested on OpenBSD, FreeBSD, and NetBSD.
97b3137f4851f097d02215919feb794baf8bc78203a4d676704fcda9229e4198